We’ve been getting asked by customers and prospects about Zoho Campaigns and whether they can use it in a HIPAA compliant manner.
We know the HIPAA industry is vast so we can empathize with just how many people need to use cloud-based services in this sector.
Today we will determine if Zoho Campaigns is HIPAA compliant or not.
About Zoho Campaigns
Zoho Campaigns is email marketing software that allows you to send email campaigns to build your customer base.
Zoho also offers a CRM platform, financial and workplace tools, as well as IT management and HR solutions.
Zoho and the business associate agreement
We’ve previously talked about how a business associate agreement (BAA) is a written contract between a covered entity and a business associate. It is required by law for HIPAA compliance.
I could not find any reference on Zoho’s site about signing a BAA, so I emailed the support team. This was the response:
Is Zoho Campaigns HIPAA compliant?
Zoho will sign a BAA with covered entities, but encryption at rest is a key component for HIPAA compliant email. As Zoho’s team explained, it is not available for all information stored on Zoho’s platform.
Conclusion
Zoho Campaigns can be used in a HIPAA compliant manner, but only if you exclusively use custom fields.
Luckily, there is a better HIPAA compliant email marketing solution that doesn’t have these restrictions: Paubox Marketing.
HIPAA email marketing tools comparison
Paubox Marketing is the only marketing platform that will:
- Sign a BAA
- Provide military-grade encryption
- Allow you to include protected health information (PHI) in your marketing emails
- Allow patients to read your emails directly from their inbox with no extra steps
In addition, Paubox Marketing is HITRUST CSF certified.
Compared to the standard marketing tools, Paubox Marketing is the best option for maintaining HIPAA compliance while harnessing the power of personalized email marketing.
SEE ALSO: Why Paubox Marketing is the Best HIPAA Email Marketing Solution Available
Company | Will they sign a BAA? | Can you send PHI? |
Adobe Campaign | NO | NO |
Campaign Monitor | NO | NO |
Campaigner | NO | NO |
GetResponse | NO | NO |
Hubspot | NO | NO |
Mad Mimi (GoDaddy) | NO | NO |
Mailchimp | NO | NO |
MailerLite | NO | NO |
Marketo (Adobe) | NO | NO |
Salesforce Pardot | NO | NO |
Schedulicity | NO | NO |
SendGrid (Twilio) | NO | NO |
Yesware | NO | NO |
ActiveCampaign | YES | NO |
Constant Contact | YES | NO |
Infusionsoft by Keap | YES | NO |
Salesforce Marketing Cloud | YES | NO |
Zoho Campaigns | YES | NO |
Eloqua (Oracle) | YES | YES ** |
Paubox Marketing | YES | YES |
(** To use Oracle Eloqua in a HIPAA compliant manner, recipients receive two emails for every message you send. Patients must also log into a secure message center to view your message—it does not appear in their inboxes. This creates friction and makes it less likely that your patients will read your marketing email.)